The Internet, which in essence includes a large number of networked computers distributed throughout the world, has become an extremely popular source of virtually all kinds of information. Increasingly sophisticated computers, software, and networking technology have made Internet access relatively straightforward for end users. For example, conventional browser software allows a user to request information such as a web page from a web site on one or more remote computers. To this end, the user provides the address of the web page (e.g., a uniform resource identifier, or URI) in some manner to the browser software, and the browser software transmits the request using a well known communication protocol such as the HyperText Transport Protocol (HTTP). The request is then routed to the destination computer or web site based on the address.
When the request is received, the remote web site evaluates the request and returns an appropriate response, which may include the information requested in some formatted content, e.g., a HyperText Markup Language (HTML) format. The browser software parses and interprets the returned content to render a page or the like upon the user's computer display.
When accessed, some web sites attempt to store information on the user's computer, in a small text file referred to as a cookie. Many times this is desirable to the user, e.g., so that the user does not have to repeatedly resubmit information manually to the remote computer hosting the web site, but instead can automatically provide the information as stored in the cookie. For example, a user can allow cookies to be stored on his or her computer so as to be able to view some web sites, and/or to take advantage of desirable customization features, such as local news and weather, or stock quotes. Such a cookie is likely a persistent cookie, which remains on the user's computer when the browsing software is closed, so that the cookie can be read by the web site that created it when that site is later revisited. Alternatively, a temporary or session cookie may be stored on a user's computer only for the current browsing session. Such a cookie is deleted from the computer when the browsing software is closed.
While some cookies are thus valuable to users, other cookies allow abuse of the user's privacy, essentially by allowing access to personally identifiable information that may be used for a secondary purpose, without the user's consent or knowledge. For example, less-than-trustworthy web sites can invade a user's privacy by tracking other web sites that the user has visited. Such a site may do this by storing a cookie on the user's machine, and then having advertisements or the like embedded in other web sites. When such other web sites are visited, the embedded web site can retrieve its cookie, identifying the user, along with the name of the web page the user is trying to access, and thereby obtain information indicating that the user visited the specific site. Over time, this information may be collected and analyzed to profile a user's web surfing habits across a set of web sites. Such information may be used for many purposes even though a user would not want that information known. For example, the information may be used for targeted advertising, resold to others, and so forth.
In sum, cookies are widely used in data collection, but simply disabling cookies is impractical because many users benefit from legitimate ones upon which applications depend. A solution such as prompting the user before allowing any cookie storage (or recall) is undesirable because such prompting interrupts and annoys many users. At the same time, however, many web users are increasingly concerned that web sites can use cookies or the like to locate them in the physical world, profile them in the virtual world, and/or correlate this information to obtain an essentially complete user identity picture. Many web users also express concerns over web sites sharing their personal data with other parties, such as for online behavior analysis. Still further, many other users are unaware of such data collection practices, or at least the extent of it and the specific details being collected, and thus are uncertain as to what actions can be taken to counter such activity and reasonably protect personal privacy.